`New eVuln Advisory:
CaLogic Calendars Multiple XSS Vulnerabilities
http://evuln.com/vulns/24/summary/bt/
--------------------Summary----------------
Software: CaLogic Calendars
Sowtware's Web Site: http://www.calogic.de/
Versions: 1.2.2
Critical Level: Moderate
Type: Cross-Site Scripting
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
eVuln ID: EV0024
-----------------Description---------------
Most of user-defined variables are not properly sanitized. Most user data may contain html tags. Tag <script> is replaced by < script > But this is not enought to prevent posting a script code. User data may contain <iframe> tag.
This can be used to post arbitrary html or script code which will be executed by browser of every visitor.
--------------Exploit----------------------
Example:
Adding New Event page:
Title value: <XSS>
--------------Solution---------------------
No Patch available.
--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation